adding user confirmation for external domains

2026-05-07 22:45:43 +02:00
parent 1d67a0810d
commit 38cb9bf81f
7 changed files with 172 additions and 9 deletions
@@ -0,0 +1,48 @@
+<?php
+include "../utils/security.php";
+secure_session_start();
+header('Content-Type: application/json');
+
+require_logged_in();
+
+include "../../config/config.php";
+$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
+
+$user_id = $_SESSION['id'];
+$method = $_SERVER['REQUEST_METHOD'];
+
+if ($method === 'GET') {
+    $sql = "SELECT id, domain, confirmed_at FROM confirmed_domains WHERE user_id = ? ORDER BY confirmed_at DESC";
+    $stmt = mysqli_prepare($conn, $sql);
+    mysqli_stmt_bind_param($stmt, 'i', $user_id);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+    $domains = [];
+    while ($row = mysqli_fetch_assoc($result)) {
+        $domains[] = $row;
+    }
+    mysqli_stmt_close($stmt);
+    echo json_encode(['success' => true, 'domains' => $domains]);
+
+} elseif ($method === 'POST') {
+    require_csrf_token();
+    $input = json_decode(file_get_contents('php://input'), true);
+    $domain_id = (int)($input['id'] ?? 0);
+
+    if ($domain_id <= 0) {
+        echo json_encode(['success' => false, 'message' => 'Invalid domain ID.']);
+        exit;
+    }
+
+    $sql = "DELETE FROM confirmed_domains WHERE id = ? AND user_id = ?";
+    $stmt = mysqli_prepare($conn, $sql);
+    mysqli_stmt_bind_param($stmt, 'ii', $domain_id, $user_id);
+    mysqli_stmt_execute($stmt);
+    mysqli_stmt_close($stmt);
+
+    echo json_encode(['success' => true, 'message' => 'Domain removed.']);
+
+} else {
+    echo json_encode(['success' => false, 'message' => 'Invalid request method.'], 405);
+}
+?>